Privacy Policy

Data Protection Statement

Applicability

The following Privacy Policy provides information about the principles applied by Promerit AG when handling your data. This Privacy Policy is based on the terminology used by the European regulator in issuing the General Data Protection Regulation (GDPR).

This Privacy Policy covers the collection, processing and use of both personal and non-personal data. Personal data is individual details about personal or material circumstances of a specific or identifiable natural person. Non-personal data is data that cannot be referred to a specific or identifiable person, e.g. data about general website use.

Name and address of the party responsible for the processing (“controller”)

The controller in terms of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions concerning data protection is:

Promerit AG

Torhaus Westhafen
Speicherstraße 57-59, 60327 Frankfurt am Main, Germany.
Registered office: Frankfurt am Main
Frankfurt am Main registrar of companies – commercial register no. – HRB 73783
VAT ID No.: DE 206435658.

Data Protection Officer

Promerit AG has opted to appoint INTARGIA Managementberatung GmbH, Max-Planck-Straße 20, 63303 Dreieich, Germany, as external Data Protection Officer.

1   Definitions

The data protection declaration of the “Promerit AG” is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

a)    Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b)    Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c)    Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d)    Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e)    Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f)     Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g)    Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h)    Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i)      Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j)      Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k)    Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2   Data collection on our website

Collection and processing of your personal data

When you visit our website, we store certain information about the browser and operating system you use, the date and time of your visit, the access status (e.g. whether you were able to access a website or received an error message), the use of website functions, the search terms you may have entered, the frequency with which you access individual websites, the designation of files accessed, the amount of data transferred, the website from which you accessed our websites and the website which you visit from our websites, either by clicking on links on our websites or by entering a do-main directly in the input field of the same tab (or the same window) of your browser in which you opened our websites. We also store your IP ad-dress and the name of your Internet service provider for seven days for security reasons, in particular to prevent and detect attacks on our websites or attempts at fraud.

We only store other personal data if you provide this data, e.g. as part of a registration, a contact form, a survey, a price competition or for the execution of a contract, and even in these cases only insofar as this is permitted to us on the basis of a consent given by you or in accordance with the applicable legal provisions (further information on this can be found below in the section “Legal basis of processing”).

You are not legally or contractually obliged to make available your personal data. However, it is possible that certain functions of our websites depend on the availability of personal data. If you do not make available personal data in these cases, this may result in functions not being available or only being available to a limited extent.

2   Cookies

Cookies are small files that are placed on your desktop, notebook or mobile device by a website you visit. From this we can, for example, recognize whether there has already been a connection between your device and our websites, or which language or other settings you prefer. Cookies may also contain personal data.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Here you will find an overview of the cookies we use:

Essential Borlabs Cookies
Statistics Google Tag Manager, Google Analytics
External media Google Maps, Vimeo, YouTube

3   Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and Time of the server request
  • IP address
  • Internet-Service-Provider of the accessing computer
  • other similar data and information used in the case of attacks on our information technology systems

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

4   Analysis of usage data; use of analysis tools

  1. We would like to tailor the content of our websites as precisely as possible to your interests and in this way improve our offer for you. In order to identify usage preferences and particularly popular areas of the websites, we use the following analysis tool(s): Google Analytics
  2. When using these analysis tools, data may be transferred to servers located in the USA and processed there. Please note the following: In the USA, the European Union considers that there is no “adequate level of protection” for the processing of personal data in accordance with EU standards. However, this level of protection can be replaced for individual companies by certification according to the so-called “EU-U.S. Privacy Shield”.
  3. If you do not want us to collect and analyze information about your visit to our website using the analysis tools mentioned above, you can object to this at any time with effect for the future (“opt-out”).

We implement your objection by setting an opt-out cookie in your browser. This cookie is only used to associate your objection. Please note that for technical reasons, an opt-out cookie only works in the browser in which it was set. If you delete the cookies or use a different browser or device, please opt-out again.

  1. Below you will find information on the providers of the analysis tools we use and the respective opt-out options:
  • Google Inc. (“Google“): Google is certified according to the EU-U.S. Privacy Shield.
    You can prevent the transfer of your data and its collection and processing by Google. Google informs about this via the following link: https://tools.google.com/dlpage/gaoptout?hl=en

5   Contact form

Should you send us enquiries via the contact form, per mail or any other opportunity on our website, we will collect the data entered on the form, including the contact details you provide (e.g. first name, surname, e-mail address, telephone number, company name, town and postcode) in the customer-relationship-management system – CRM – if necessary for the purpose of processing the enquiry and in the event of any follow-up questions.

The CRM used by us is Sugarcrm Inc.;10050 N. Wolfe Rd. SW2-130, Cupertino, CA 95014, USA; For the privacy policy: https://www.sugarcrm.com/de/legal/privacy-policy/.

We do not share this information without your permission. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form (name, surname, e-mail address, telephone number, company name) until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

3   Purposes of use

  1. We use the personal data collected when you visit our website in order to operate it in the most convenient manner for your use and to protect our IT systems from attacks and other illegal activities.
  2. If you provide us with further personal data, e.g. within the scope of a registration, a contact form, a survey, a price competition or for the execution of a contract, we use this data for the purposes mentioned, for the purposes of customer administration and – if necessary – for the purposes of processing and accounting of any business transactions, in each case to the extent required for this.

4   Your data protection rights

Promerit is committed to ensuring fair and transparent processing. That is why it is important to us that persons concerned can not only exercise their right to object but also to exercise the following rights where the respective legal requirements are satisfied:

To enforce your rights, please use the details provided in the “Contact” section (see no. 13). In doing so, please ensure that an unambiguous identification of your person is possible.

  • Right to information and access
    You have the right to obtain confirmation from us about whether or not your personal data is being processed, and, if this is the case, access to your personal data.
  • Right to correction and deletion
    You have the right to obtain the rectification of inaccurate personal data. As far as statutory requirements are fulfilled, you have the right to obtain the completion or deletion of your data.
    This does not apply to data which is necessary for billing or accounting purposes or which is subject to a statutory retention period. If access to such data is not required, however, its processing is restricted (see the following).
  • Restriction of processing
    As far as statutory requirements are fulfilled you have the right to demand for restriction of the processing of your data.
  • Data portability
    As far as statutory requirements are fulfilled you may request to receive data that you have provided to us in a structured, commonly used and machine-readable format or – if technically feasible – that we transfer those data to a third party.
  • Right of objection
    Objection to direct marketing: Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign which is already running.
    Objection to data processing based on the legal basis of “legitimate interest”: In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data, unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.
  • Withdrawal of consent
    In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.
  • Right to lodge complaint with supervisory authority
    You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state of residency or to the supervisory authority responsible for us.

5   Transfer of personal data to third parties; social plug-ins; Use of service providers

  1. Our websites may also contain offers of third parties. If you click on such an offer, we transfer data to the respective provider to the required extent (e.g. information that you have found this offer with us and, if applicable, further information that you have already provided on our websites for this purpose).
  2. When we use social plug-ins on our websites from social networks such as Facebook, Twitter, Xing and LinkedIn, we integrate them as follows:

When you visit our websites, the social plug-ins are deactivated, i.e. no data is transmitted to the operators of these networks. If you want to use one of the networks, click on the respective social plug-in to establish a direct connection to the server of the respective network.

If you have a user account on the network and are logged in when you activate the social plug-in, the network can associate your visit to our websites with your user account. If you want to avoid this, please log out of the network before activating the social plug-in. A social network cannot associate a visit to other Daimler websites until you have activated an existing social plug-in.

When you activate a social plug-in, the network transfers the content that becomes available directly to your browser, which integrates it into our websites. In this situation, data transmissions can also take place that are initiated and controlled by the respective social network. Your connection to a social network, the data transfers taking place between the network and your system, and your interactions on that platform are governed solely by the privacy policies of that network.

The social plug-in remains active until you deactivate it or delete your cookies.

  1. If you click on the link to an offer or activate a social plug-in, personal data may reach providers in countries outside the European Economic Area that, from the point of view of the European Union (“EU”), may not guarantee an “adequate level of protection” for the processing of personal data in accordance with EU standards. Please remember this fact before clicking on a link or activating a social plug-in and thereby triggering a transfer of your data.

Use of Facebook plugins
Facebook is provided under www.facebook.com by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and under www.facebook.de by Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, Dublin 2, Ireland (“Facebook”). You will find an overview of the plugins from Facebook and their appearance here:
https://developers.facebook.com/docs/plugins/?locale=en_EN; you will find information on data protection at Facebook here: http://www.facebook.com/policy.

Use of Twitter plugins
Twitter is provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). You will find an overview of the plugins from Twitter and their appearance here: https://developer.twitter.com/; you will find information on data protection at Twitter here: https://twitter.com/de/privacy.

Use of LinkedIn plugins
LinkedIn is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). You will find an overview of the plugins from LinkedIn and their appearance here: https://developer.linkedin.com/plugins; you will find information on data protection at LinkedIn here: https://www.linkedin.com/legal/privacy-policy.

Use of Instagram plugins
Instagram is provided by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA (“Instagram”). You will find information on data protection at Instagram here: https://help.instagram.com/155833707900388.

Use of Xing plugins
Xing is provided by XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland (“Xing”). You will find an overview of the plugins from Xing and their appearance here: https://dev.xing.com/ and you will find information on data protection at Xing here: https://privacy.xing.com/en/privacy-policy.

Use of YouTube Plugin
Our website uses plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you’ve visited. If you’re logged into your YouTube account, YouTube will allow you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information about how to handle user data, please refer to the YouTube Privacy Policy at https://www.youtube.com/intl/en/about/policies/#community-guidelines.

Use of Vimeo Plugin
Our website uses plugins from the Vimeo page. Site operator is Vimeo, Inc., 555 West 18th Street, New York, New York 10011. When you visit one of our Vimeo plug-in-enabled sites, you will be connected to the servers of Vimeo. It tells the Vimdeo server which of our pages you’ve visited. If you’re logged into your Vimeo account, Vimeo will allow you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account. The use of Vimeo is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information about how to handle user data, please refer to the Vimeo Privacy Policy at https://vimeo.com/privacy.

Use of Google Maps Plugin
This page uses the map service Google Maps via an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

For the use of the functions of Google Maps it is necessary to store your IP address. This information is usually transmitted to a server of Google LLC in the USA and saved there. The provider of this page does not have any influence on this transmission of data.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places listed by us on the website. This represents a predominant legitimate interest on our part within the meaning of article 6 section 1 lit. f GDPR.

Please see the privacy policy of Google for more information on the handling of user data:
https://www.google.de/intl/de/policies/privacy/.

Use of Google web fonts
This site uses so-called web fonts of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose, the browser you are using has to connect to the servers of Google. This informs Google that our website was accessed via your IP address. The use of Google web fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a predominant legitimate interest on our part within the meaning of article 6 section 1 lit. f GDPR.

Your computer will use a standard font if your browser does not support web fonts.

For more information about Google web fonts please see https://developers.google.com/fonts/faq and the privacy policy of Google: https://www.google.de/intl/de/policies/privacy/.

Liability for links

Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore we cannot assume any liability for these external contents. The respective provider or operator of the sites is always responsible for the contents of the linked sites. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not identified at the time of linking.

However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any violations of the law, we will remove such links immediately.

6   Data protection for applications and during the application process

We collect and process the personal data of applicants for the purpose of processing the application process. Processing can also be done electronically. This is particularly the case if an applicant sends the relevant application documents to the responsible person, for example by email or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the legal requirement. If we do not conclude an employment contract with the applicant, the application documents will be deleted within the legally applicable period.

The tools and systems we use therefor are: Workday, Talentry, Cut-e.

We use Workday Inc. for uploading and administration of applicant data. (e.g. address data, e-mail address, telephone number, date of birth, salary data, resume, application photo, certificates, aptitude diagnostic documents). Registered office: 6110 Stoneri-dge Mall Road Pleasanton, CA 94588 USA, link to the privacy policy: https://www.workday.com/de-de/privacy.html

We use Talentry for employee recruitment and retention. In the case of an application via the tool, the data provided by the applicant (e.g. address data, e-mail address, telephone number, date of birth, salary data, CV, application photo, certificates, aptitude diagnostics documents) is stored in the system for the duration of the application process.  Registered office: Nymphenburger Str. 86 80636 Munich, link to the data protection declaration: https://www.talentry.com/dataprotection/

We use Cut-e (an Aon Company) for the performance of diagnostics. Registered office: Großer Burstah 18-32 20457 Hamburg; For the privacy policy: https://assessment.aon.com/de-de/datenschutzerklaerung

7   Newsletter

If you have given your consent on the website to receive the newsletter – until you revoke it, or the termination of the newsletter dispatch by Promerit – we would like to give you the following information:

The legal basis for processing is consent.

Your consent relates to the processing of the following personal data you have voluntarily submitted:

  • E-mail address
  • Last name, first name, title, gender / title
  • Company name
  • Postal code and city
  • Telephone & fax no.

Your consent serves the purpose of using your email address to send the newsletter to the named address.

The newsletter informs you about events and new services of Promerit/Mercer.

In each newsletter, we analyze your usage behavior using cookies and similar technologies for the individualization of communication – e.g. Openings, clicks, reading time and possible bookings are analyzed.

The personalization in the newsletter is based on analysis:

  • Your interaction with the newsletter
  • Your voluntarily provided master data
  • your IP address
  • Your existing and future bookings

The following systems and technologies are used in newslettering:

8   Website hosting and services

The website operator together with the agency Smack Communications has created and hosted this website using the CMS WordPress, using services that WordPress has integrated into its content management system and hosting. These services ensure the functionality of the page. The website is hosted by the agency Webfox.

Webfox Agency, Headquarters: Einsteinufer 63 Einstein-Höfe, 1. courtyard, 2. floor, 10587 Berlin; About the privacy policy: https://www.agentur-webfox.de/datenschutz/

Smack Communications GmbH, headquarters: Kurfürstendamm 194, Haus Cumberland,10707 Berlin ; About the privacy policy: https://www.smack-communications.com/datenschutzerklarung/

WordPress, registered office: Aut O’Mattic A8C Ireland Ltd, Business Centre, No.1 Lower Mayor Street International Financial Services Centre, Dublin 1, Ireland; For the privacy statement: https://automattic.com/de/privacy/

9. Google Analytics

This website uses the “Google Analytics” service, which is operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to analyse the use of the website by users. This service uses “cookies” – small text files which are stored on your terminal. The information collected by the cookies is usually transferred to a Google server in the USA and stored there.

IP anonymisation applies to this website. The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening means that your IP address can no longer be attributed to you as an individual. Within the scope of the third-party data processing agreement which the website operators have concluded with Google Inc., Google Inc. uses the collected information to create an analysis of website use and website activity and provides services related to internet use.

You have the option to prevent the setting of cookies on your device by configuring your browser settings accordingly. We cannot guarantee that you will be able to access all functions of this website without restriction if your browser does not allow cookies.

Furthermore, you may use a browser plugin to prevent the information collected by cookies (including your IP address) being sent to Google Inc. and being used by Google Inc. The plugin is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, you can prevent Google Analytics from collecting data about you on this website by clicking on this button. By clicking on the button above, you download an “opt-out cookie”. Your browser must therefore generally allow cookies to be saved. If you delete your cookies regularly, you will need to click the button again each time you visit this website.

More information on data usage by Google Inc. can be found here: https://support.google.com/analytics/answer/6004245?hl=de

10. Data economy

In accordance with the principles of data reduction and economy, we store personal data only as long as storage is required or is prescribed by statute (statutory retention period). Once the purpose of the collected information no longer applies or the retention period expires we block or delete the data.

11. Revision of the Privacy Policy

Promerit AG will review and amend this Privacy Policy from time to time. We therefore recommend that you read the provisions of this Privacy Policy from time to time to ensure that you are up to date on how Promerit AG collects, processes and uses your data.

12. Further information

If you have any questions regarding our Privacy Policy, please do not hesitate to contact datenschutzpromerit.com. For general questions, please use the contact form on our website.